CVEs from 2023

6,100 normalized CVEs published or assigned in this year.

  • Total: 6,100
  • Critical: 240
  • High: 1,530
  • Medium: 1,393
  • Low: 32
  • % Critical: 3.9%
  • % with KEV: 2.7%
  • % with exploit: 3.5%

Top products

  • office 29
  • office_long_term_servicing_channel 15
  • 365_apps 14
  • ftmg-esr50sxx 8
  • ftmg-esn40sxx 8
  • ftmg-esd25axx 8
  • ftmg-esr40sxx 8
  • ftmg-esd15axx 8
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2023-33199 unknown 3y ago Rekor's goals are to provide an immutable tamper resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a pan…
CVE-2023-33779 unknown 3y ago Privilege escalation in XXL-Job
CVE-2023-20883 unknown 3y ago Spring Boot Welcome Page Denial of Service
CVE-2023-2798 unknown 3y ago Unrestricted recursion in htmlunit
CVE-2023-33947 unknown 3y ago Liferay portal has unauthorized access to object definition via search
CVE-2023-33948 unknown 3y ago Missing authorization in Liferay portal
CVE-2023-33950 unknown 3y ago Liferay Portal has Inefficient Regular Expression
CVE-2023-33946 unknown 3y ago Liferay portal unauthorized access to objects via OAuth 2 scope
CVE-2023-33944 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33949 unknown 3y ago Insecure Default Initialization In Liferay Portal
CVE-2023-33945 unknown 3y ago SQL injection in Liferay Portal
CVE-2023-33938 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33943 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33940 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33939 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33937 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33941 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-33942 unknown 3y ago Cross-site scripting in Liferay Portal
CVE-2023-32697 unknown 3y ago Sqlite-jdbc vulnerable to remote code execution when JDBC url is attacker controlled
CVE-2023-31826 unknown 3y ago Command injection in nevado-jms
CVE-2023-31101 unknown 3y ago User data exposure in Apache InLong
CVE-2023-33264 unknown 3y ago Hazelcast vulnerable to unmasked password exposure
CVE-2023-29159 unknown 3y ago Directory traversal vulnerability in Starlette versions 0.13.5 and later and prior to 0.27.0 allows a remote unauthenticated attacker to view files in a web service which was built using Starlette.
CVE-2023-31544 unknown 3y ago alkacon-OpenCMS vulnerable to stored Cross-site Scripting
CVE-2023-2631 unknown 3y ago Jenkins Code Dx Plugin missing permission checks
CVE-2023-2195 unknown 3y ago Jenkins Code Dx Plugin cross-site request forgery vulnerability
CVE-2023-32985 unknown 3y ago Jenkins Sidebar Link Plugin vulnerable to Path Traversal
CVE-2023-32995 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
CVE-2023-2632 unknown 3y ago Jenkins Code Dx Plugin stores API keys in plain text
CVE-2023-33000 unknown 3y ago Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
CVE-2023-32984 unknown 3y ago Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
CVE-2023-32982 unknown 3y ago Jenkins Ansible Plugin stores and displays secrets in plain text
CVE-2023-32997 unknown 3y ago Jenkins CAS Plugin Session Fixation vulnerability
CVE-2023-33004 unknown 3y ago Jenkins Tag Profiler Plugin missing permission check
CVE-2023-2633 unknown 3y ago Jenkins Code Dx Plugin displays API keys in plain text
CVE-2023-32978 unknown 3y ago Jenkins LDAP Plugin vulnerable to Cross-Site Request Forgery
CVE-2023-32992 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
CVE-2023-32988 unknown 3y ago Jenkins Azure VM Agents Plugin missing permission checks
CVE-2023-32994 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
CVE-2023-32986 unknown 3y ago Jenkins File Parameter Plugin arbitrary file write vulnerability
CVE-2023-33003 unknown 3y ago Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
CVE-2023-32977 unknown 3y ago Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
CVE-2023-32983 unknown 3y ago Jenkins Ansible Plugin job configuration form does not mask variables
CVE-2023-32987 unknown 3y ago Jenkins Reverse Proxy Auth Plugin cross-site request forgery vulnerability
CVE-2023-32990 unknown 3y ago Jenkins Azure VM Agents Plugin missing permission checks
CVE-2023-33006 unknown 3y ago Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
CVE-2023-33007 unknown 3y ago Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability
CVE-2023-33001 unknown 3y ago Jenkins HashiCorp Vault Plugin has improper masking of credentials
CVE-2023-32998 unknown 3y ago Jenkins AppSpider Plugin Cross-Site Request Forgery vulnerability
CVE-2023-32980 unknown 3y ago Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
CVE-2023-32993 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
CVE-2023-32999 unknown 3y ago Jenkins AppSpider Plugin missing permission check
CVE-2023-32979 unknown 3y ago Jenkins Email Extension Plugin missing permission check
CVE-2023-32996 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
CVE-2023-32981 unknown 3y ago Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
CVE-2023-33002 unknown 3y ago TestComplete support Plugin vulnerable to stored Cross-site Scripting
CVE-2023-32991 unknown 3y ago Jenkins SAML Single Sign On(SSO) Plugin Cross-Site Request Forgery vulnerability
CVE-2023-2196 unknown 3y ago Jenkins Code Dx Plugin missing permission checks
CVE-2023-33005 unknown 3y ago Jenkins WSO2 Oauth Plugin Session Fixation vulnerability
CVE-2023-32989 unknown 3y ago Jenkins Azure VM Agents Plugin Cross-site Request Forgery vulnerability
CVE-2023-31890 unknown 3y ago glazedlists XML Deserialization vulnerability
CVE-2023-53160 unknown 3y ago The sequoia-openpgp crate before 1.16.0 for Rust allows out-of-bounds array access and a panic.
CVE-2023-32068 unknown 3y ago org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability
CVE-2023-32081 unknown 3y ago Vert.x STOMP server processes client frames when the client has not first sent a connect frame
CVE-2023-32082 unknown 3y ago etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.26 and 3.5.9, the LeaseTimeToLive API allows access to key names (not value) associated to a lease wh…
CVE-2023-29032 unknown 3y ago Apache OpenMeetings Improper Authentication vulnerability
CVE-2023-29246 unknown 3y ago Apache OpenMeetings vulnerable to remote code execution via null-byte injection
CVE-2023-32070 unknown 3y ago Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
CVE-2023-32069 unknown 3y ago Privilege escalation (PR)/RCE from account through class sheet
CVE-2023-31141 unknown 3y ago OpenSearch issue with fine-grained access control during extremely rare race conditions
CVE-2023-31126 unknown 3y ago Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
CVE-2023-32071 unknown 3y ago XWiki Platform vulnerable to RXSS via editor parameter - importinline template
CVE-2023-30093 unknown 3y ago ONOS vulnerable to Cross-site Scripting
CVE-2023-30331 unknown 3y ago Server-side template injection in beetl
CVE-2023-30551 unknown 3y ago Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory witho…
CVE-2023-25827 unknown 3y ago Cross Site Scripting in OpenTSDB
CVE-2023-32007 unknown 3y ago Apache Spark UI vulnerable to Command Injection
CVE-2023-29471 unknown 3y ago Lightbend Alpakka Kafka logs credentials on debug level
CVE-2023-30349 unknown 3y ago Remote code execution in JFinal CMS
CVE-2023-22665 unknown 3y ago Arbitrary javascript injection in Apache Jena
CVE-2023-29924 unknown 3y ago PowerJob vulnerable to incorrect access control
CVE-2023-1892 unknown 3y ago Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8.
CVE-2023-29525 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
CVE-2023-29527 unknown 3y ago XWiki Platform vulnerable to code injection from account through AWM view sheet
CVE-2023-29526 unknown 3y ago XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
CVE-2023-29524 unknown 3y ago XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
CVE-2023-29523 unknown 3y ago XWiki Platform vulnerable to code injection in display method used in user profiles
CVE-2023-29522 unknown 3y ago XWiki Platform vulnerable to code injection from view right on XWiki.ClassSheet
CVE-2023-29521 unknown 3y ago XWiki Platform vulnerable to code injection from account/view through VFS Tree macro
CVE-2023-29520 unknown 3y ago XWiki Platform vulnerable to page render failure due to broken translations
CVE-2023-29519 unknown 3y ago org.xwiki.platform:xwiki-platform-attachment-ui vulnerable to Code Injection
CVE-2023-29518 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right using Invitation.InvitationCommon
CVE-2023-29517 unknown 3y ago Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer
CVE-2023-29516 unknown 3y ago XWiki Platform vulnerable to privilege escalation from view right on XWiki.AttachmentSelector
CVE-2023-29515 unknown 3y ago XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
CVE-2023-29514 unknown 3y ago XWiki vulnerable to Code Injection in template provider administration
CVE-2023-29513 unknown 3y ago xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
CVE-2023-29512 unknown 3y ago xwiki-platform-web-templates vulnerable to Eval Injection
CVE-2023-20873 unknown 3y ago Spring Boot Security Bypass with Wildcard Pattern Matching on Cloud Foundry
CVE-2023-29528 unknown 3y ago Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml